The Trouble with RFID

Simson L. Garfinkel | February 3, 2004

On November 15, fifteen privacy and consumer organizations called for manufacturers to voluntarily hold off on their plans to equip consumer goods with wireless tracking devices. These devices, called Radio Frequency Identification tags, are based on the same technology that lets cars pay E-ZPASS tolls without stopping. The fear of these activists is simple: They're worried that instead of being used to track boots, bluejeans and books, these so-called RFID systems will be used to track us.

RFID isn't a household word today, but within the next few years manufacturers hope to put it into many household products. Last January Gillette announced plans to order 500 million RFID chips from a California manufacturing firm called Alien Technology; Gillette plans to put the tags into packages of its razors and blades so that the high-value consumer goods can be tracked as they move from the factory through distribution and eventually to the store shelf. Last March Benetton announced similar plans to weave RFID tags into its designer clothes; the company reversed itself after a grassroots consumer group launched a worldwide boycott of Benetton products.

As its name implies, RFID systems are based on radio waves. Each tag is equipped with a tiny radio transmitter: When it "hears" a special radio signal from a reader, the tag responds by sending its own unique serial number through the air.

This wireless technology could save American businesses billions of dollars. With RFID readers at the loading docks and on the store shelves, retailers could know precisely how many packages of, say, lipstick had been received and how many had been put on the shelves. And once every product in the store is equipped with an RFID tag, stores might even be able to have an automated checkout: Shoppers could just push their carts through a doorway and have all the items in the cart automatically totaled and charged to the RFID-enabled credit card in their pocket.

Both Wal-Mart and the US military have already told their hundred largest suppliers that cartons and pallets must be equipped with unique RFID tags by January 2005. Meanwhile, MasterCard and American Express have been testing RFID-enabled credit cards. Mobil has been pushing its RFID-based "Speedpass" since 1997. And most high-end cars now come with RFID "immobilizer" circuits that won't let the cars start unless the correct RFID-enabled car key is in the ignition.

So why did the American Civil Liberties Union, the Electronic Frontier Foundation, The World Privacy Forum and a dozen other organizations ask for a voluntary moratorium on RFID technology in consumer goods? Because this use of RFID could enable an omnipresent police surveillance state, it could erode further what's left of consumer privacy and it could make identity theft even easier than it has already become.

RFID is such a potentially dangerous technology because RFID chips can be embedded into products and clothing and covertly read without our knowledge. A small tag embedded into the heel of a shoe or the inseam of a leather jacket for inventory control could be activated every time the customer entered or left the store where the item was bought; that tag could also be read by any other business or government agency that has installed a compatible reader. Unlike today's antitheft tags, every RFID chip has a unique serial number. This means that stores could track each customer's comings and goings. Those readers could also register the RFID tags that we're already carrying in our car keys and the "prox cards" that some office buildings use instead of keys.

The problem here is that RFID tags can be read through your wallet, handbag, or clothing. It's not hard to build a system that automatically reads the proximity cards, the keychain RFID "immobilizer" chips, or other RFID-enabled devices of every person who enters a store. A store could build a list of every window shopper or person who walks through the front door by reading these tags and then looking up their owners' identities in a centralized database. No such database exists today, but one could easily be built.

Indeed, such warnings might once have been dismissed as mere fear-mongering. But in today's post-9/11 world, in which the US government has already announced its plans to fingerprint and photograph foreign visitors to our country, RFID sounds like a technology that could easily be seized upon by the Homeland Security Department in the so-called "war on terrorism." But such a system wouldn't just track suspected Al Qaeda terrorists: it would necessarily track everybody--at least potentially.

Despite these fears, the privacy activists aren't saying that RFID technology should be abandoned. As it is, the technology is already in broad use currently for the tracking of pharmaceuticals (and the elimination of dangerous drug counterfeits), for tracking shipments of meat (so that contaminated batches can be rapidly identified and destroyed) and even for tracking manufactured goods to deter theft and assist in inventory control.

But companies that are pushing RFID tags into our lives should adopt rules of conduct: There should be an absolute ban on hidden tags and covert readers. Tags should be "killed" when products are sold to consumers. And this technology should never be used to secretly unmask the identity of people who wish to remain anonymous.

I was proud to be one of the people endorsing the position statement on the use of RFID in consumer products. If companies do not voluntarily abide by these principles, we should push to have them incorporated into the laws that protect our privacy rights at the state and federal level.